SSF_ALERT_CERTEXPIRE: Check & Warn About Certificates Expiring Soon

Posted by — May 12, 2020 in SAP PROGRAM Leave a reply

SSF_ALERT_CERTEXPIRE is a dialog report to check the validity period of certificates. The task of this report is to provide warnings in good time before the expiry of the validity of installed certificates. The warnings can be provided in a variety of ways.

You can also schedule this report as a daily background job as a replacement for the AutoABAP report SSFALRTEXP. To use this report as a replacement, you must specify this in the selections, and set the start time to before 3 am.

By default, the report provides warnings using system log messages and by forwarding these to CCMS alert monitors. In especially critical cases – expiry within the next two working days – the report also provides a warning by informing all users. You can specify the interval between expiry and the start of the warnings. By adjusting and assigning auto-reaction methods within the monitoring architecture, you can also forward alerts (for more information, see the documentation for transaction RZ21).

In addition, warnings are supported through the new Central Alert Framework (see the documentation for transaction ALRTCATDEF).

All alert variants can be tested separately without the need for the corresponding certificates to exist.

Scope of the Checks

  • Number of Days Until Expiry
    • Specifies the number of days for which a certificate must still be valid, before warnings are generated. The default value is 30.
  • Replacement for AutoABAP
    • Select this if this report is to be used instead of the AutoABAP variant SSFCERTEXP. This report must also be started daily before 3 am.
  • Check Certificate List
    • In addition to your own certificates, the report can also check all imported certificates that are administered in the certificate list. The expiry of one of these certificates is less critical.
  • Check the PSEs
    • Activates the checking of all Personal Security Environments (PSE). In this case, the report checks that the security product is correctly installed and that the certificates in the database and the file system match.
  • SSL Servers of All Servers
    • Activates the checking of all SSL server certificates. Each server has its own individual SSL certificates. The check is performed using internal RFC communication.
  • Generate Warnings
    • Specifies whether warnings should be generated.

Generate Warnings Using Alert Framework (Subscription)

  • Warn Using Int. Communication
    • With this variant, the users that have subscribed to the alert category SECSSFCERTEXPIRE are warned.

Generate Warnings Using Alert Framework (Recipients Explicitly Specified)

  • Warn Using Recipient List
    • With this variant, the users to be informed are specified directly.
  • Names of Users to Be Warned
    • List of users to be informed.

Generate Warnings Using Alert Framework (External Communication)

  • Warn Using Ext. Communication
    • With this variant, the report informs users using external communication methods (Internet Mail, telephone, fax, pager, and so on).
  • External Address
    • Specification of the address, such as an e-mail address or telephone number
  • Communication Type
    • Type of communication (in accordance with SAPOffice)

Special Functions

Test Warnings

You can use this function to test the various methods of creating warnings without requiring the corresponding certificates to exist with only a short validity period. In this way, you can ensure that the desired warnings would actually be created in a real case. The value in the Number of Days Until Expiry input field is then interpreted as the number of days for which a fictitious test certificate is still valid.

Lock AutoABAP

You can use the “Lock AutoABAP” function to completely deactivate the automatic running of the AutoABAP SSFALRTEXP, and can, if required, also unlock (activate) it again. The icons on the function button show the current status (locked/unlocked)

Output

The report generates an overview of the installed certificates that contains the following information:

  • Own certificates by use
  • Associated certificate list (optional)
  • Result of the PSE check (optional)
  • SSL Server certificates (optional)

Important Note

If problems occur with the PSEs during the check, then the output list contains only general error messages. To analyze these problems in more detail, use the Trust Manager (transaction STRUST). This provides more detailed information about the cause of the problems and how you can correct them.

If servers are incorrectly configured, the results can vary, depending on which server the report is started on.

You May Also Like

BTC_SEND_SPOOLLIST_AS_DAT: Send spool list in format “Text with Tabs”

BTC_COPY_JOBS: Copy Job to Remote System

SAP utility programs for background processing

RHBAUS01: Compare INDX and T77UU

Leave a Reply?